CVE-2026-54420
HIGH NVDCVSS Score
8.5
Severity
HIGH
Source
NVD
Published
Jun 14, 2026
Description
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.